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Amendments to the Claims: 

This listing of claims will replace ail prior versions, and listings, of claims in the application: 
Listing of Claims: 

1 . (Currently amended) A method for a decryptor to obtain a decryption, key from a key release 
agent comprising: 

a decryptor obtaining an encryption block comprising a data ciphertext requiring a 
decryption key to decrypt, the encryption block further comprising key related information 
associated with a first {public key, private key) pair, the encryption block further comprising a 
key ciphertext consisting of the decryption key encrypted by the first public key of the first 
{public key, private key} pair, the encryption block not including an ACD (access controlled 
decryption) block; 

the decryptor generating a key release request containing the key ciphertext, and 
the key related information and outputting the key release request to the key release agent[[;]] a 
the kev release request for use by the key release agent to l ocate decryptor authorization logic 
stored externally to the key release reque s t that is to be applied in determining whether or notto 
release the decryption kev: 

in the event the decryption kev is to be released, the decryptor receiving a key 
release response specifying the decryption key. 

2. (Currently amended) A method according to claim 1 further comprising: 

the decryptor making decryptor information available to the key release agent, the 
decryptor information for use by the key release agent in determining decryptor attributes^Jhe 
decryptor attributes for further use in determining whether o r not to release the decision key . 

3. (Original) A method according to claim 1 further comprising the decryptor using the 
decryption key to decrypt the data ciphertext. 

; 
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4. (Original) A method recording to claim 1 wherein the decryptor making the decryptor 
information available to the key release agent comprises including the decryptor information in 
the key release request, 

5. (Currently amended) A method according to claim [[1]] 2 wherein the decryptor maktngtfce 
decryptor information available to the key release agent comprises the decryptor providing the 

^ decryptor information to the key release agent while establishing a secure connection with the 

key release agent. 

6. (Currently amended) A method according to claim [[ 1 ]] 2 ftirther oomprisin ga^gEgin the 
decryptor making the decryptor information available to the key release agent by epmpns es 
providing a decryptor identifier which may be used to look up decryptor attributes #emstoredjn 
a repository external to the kev release request, 

7. (Original) A method according to claim 1 wherein the key related information comprises a 
key pair identifier. 

8. (Original) A method according to claim 1 further comprising: 

before generating the key release request, the decryptor determining if the private 
key of the first {public key, private key} pair is available at the decryptor; 

upon determining the private key of the first {public key, private key} pair is not 
avai lable at the decryptor generating the key release request. 

9. (Original) A method according to claim 1 further comprising: 

decrypting at least a portion of the key release response containing an encrypted 
version of the decryption key using a private key of a second {public key, private key} pair to 
^ recover the decryption key. 

10. (Currently amended) A method according to claim 1 wherein the encryption block comprises 
a plurality of key related information associated with a respective plurality of first {public key, 
private key} pairs, and a respective plurality of key ciphertexts each consisting of the decryption 
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key encrypted by the public key of a respective one of the plurality of first {public key, private 
key} pairs associated with the plurality of key related tffrfem>a^nsi n form ati on, the method 
comprising: 

generating the key release request containing the plurality of key ciphertcxts, aad 
the associated plurality of key related information. 

1 1. (Original) A method according to claim 10 further comprising: 

before generating the key release request, determining if at least one private key of 
the plurality of first (public key, private key} pairs is available at the decryptor; 

upon determining none of the private keys of the plurality of first {public key, 
private key} pairs is available at the decryptor generating the key release request, 

12. (Cancelled) 

13. (Currently amended) A key release method comprising: 

receiving a key ciphcrtext and key related information in respect of a key used to 
encrypt the key ciphertext from a decryptor; 

locating decryptor authorization lo^ic stored externally to the decrvotor with use 
of the key related information: 

obtaining decryptor information in respect of the decryptor; 

deciding based on the decryptor information and the key related 
informatio Hdecrvptor authorization logic whether decryption of the key ciphertext is to be 
permitted. 

14. (Original) A method according to claim 1 3 wherein the decryptor information is received 
from the decryptor together with the key ciphertext and key related information. 

15. (Original) A method according to claim 13 wherein obtaining decryptor information 
comprises receiving the decryptor information while establishing a secure connection with the 
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decryptor. 

1.6. (Original) A method according to claim 13 wherein obtaining decrypt information 
comprises: 

receiving from the decryptor a decryptor identifier; 

^ using the decryptor identifier to lookup decryptor attributes from a public 

repository, the decryptor identifier and decryptor attributes together constituting the decryptor 
information, 

17. (Original) A method according to claim 13 further comprising: 

using information in a certificate as the decryptor information. 

18. (Original) A method according to claim 17 further comprising: 

obtaining the certificate from a certificate repository. 

19. (Original) A method according to claim 17 further comprising receiving the certificate 
together with the key ciphertext and key related information. 

20. (Original) A method according to claim 13 wherein the decryptor information is an ideality 
or role of the decryptor, an alias, or a claim of access rights or privilege, or some other attribute 
of the decryptor of a corresponding decrypting device or platform. 

21 . (Original) A method according to claim 13 wherein the key related information comprises a 
key pair identifier. 

22. (Original) A method according to claim 1 3 further comprising: 

^ decrypting the key ciphertext, re-encrypting the key using a pubti c key of a 

{public key, private key} pair to produce a re-encrypted key, the private key of which is available 
to the decryptor, and sending the re-encrypted key to the decryptor. 

23- (Original) A method according to claim 1 3 further comprising: 
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decrypting the key ciphertcxt to obtain a decryption key; 
sending the decryP tion key *° the decryptor over a secure channel. 

24. (Original) A method according to claim .1 3 further comprising: 

decrypting the key ciphertext to obtain a decryption key; 

using a symmetric key available to the decryptor, encrypting the decryption fay 
with the symmetric key to produce an encrypted decryption key, and sending the encrypted 
decryption key to the decryptor. 

25. (Currently amended) A method according to claim 13 further comprising: 

receiving a plurality of key ciphertexts and respective key related information 
from the decryptor and determining whether at least one private key required to decrypt a 
respective at least one key ciphertext of the plurality of key ciphertexts is available; 

using the respective kev related information to locate respective decryptor 
authorization logic stored ex ternally to the decryptor; and 

upon determining such at least one private key is available, deciding based on the 
decryptor information and the respective decryp tor authorization logic whether decryption of at 
least one of the plurality of key ciphertexts is to be permitted. 

26. (Original) A method to claim 25 further comprising: 

decrypting one of the key ciphertexts using a corresponding private key to recover 
a decryption key. 

27. (Currently amended) A method according to claim 25 wherein deciding based on decryptor 
information of the decryptor and the koy related infomiati ea rcspecti ve decrypt o r authorization 
lo gic whether decryption of at least one of the key ciphertexts is to be permitted comprises 
applying the respective decryptor authorization logic associated with each public key used to 
encrypt the decryption key to the decryptor information to determine whether the decryptor 
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should be permitted access to the decryption key. 

28. (Currently amended) A method according to claim 13 wherein deciding based on decryptor 
information of the decryptor and the key relat e d infoffi Hrtiot ^ecrvpto r authorization log ic 
whether decryption of the key ciphertext is to be permitted comprises applying at least one rule 
of the decrvptor authorization logic associated with the public key used to encrypt the decryption 
key to die decryptor information to determine whether the decryptor should be permitted access 
to the decryption key?. 

29. (Currently amended) A method of controlling access to a decryption key comprising: 

receiving from a decryptor a key release request comprising decryptor information 
and the decryption key encrypted using a public key; 

locating decryption authorization logic stored externally to the key release request 
with use of th e public kev; 

applying die decryption authorization logic associated with the public lcoy uood to 
oncrypt tho docryption k e y to the decryptor information to determine whether the decryptor 
should be permitted access to the decryption key; 

upon determining the decryptor should be permitted access to the decryption key, 
sending a key release response specifying the decryption key. 

30. (Currently amended) A method of controlling access to decryption keys comprising: 

maintaining a private key repository comprising a plurality of access identifiers, 
and for each access identifier at least one key related information of a respective {public key, 
private key} pair, the repository also containing the private key of each {public key, private key} 
pair, 

maintaining a r e pository compri s ing for each acc e ss identifier a r e sp e ctiv e 
docryptor authorization logic which - oan be appli e d to a d e CTyptor -i nforaiati oa? 

obtaining decryptor information ? 
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receiving a key release request containing a decryption key encrypted using a 
public key of a {public key, private key} pair and containing a . key related information associated 
with the {public key, private key) pair; 

maintaining a repository residing externally to the key release requ est associating 
each access identifier with respective decrvpt o r aut horization lo^ic that can be applied to a 
decr vptor information; 

obtaining decrvptor information: 

for each access identifier in association with which the key related inform ation is 
stored, applying the respective decryptor authorization logic to the decrvptor information 
specified in the key release request; 

in the event the decryptor information satisfies at least one of the respective 
decryptor authorization logics, decrypting the ciphertext to recover the decryption key, and 
sending a key release response to the decryptor specifying the decryption key. 

3 1 . (Original) An admini strative interface compri sing: 

a private key repository maintenance function adapted to allow adding and 
deleting of a key related information and associated private key of a {public key, private key} 
pair; and 

a decryptor authorization logic definition function adapted to allow the definition 
of decryptor authorization logic to be applied to decryptor information to determine eligibility to 
decrypt, and for each decryptor authorization logic to select one or more of the key related 
information in respect of which the rule is to be applied. 

v_ 32. (Original) An administrative interface according to claim 31 wherein the private key 

repository maintenance function is further adapted to store the key related information and 
associated private key of a {public key, private key} pair in association with one of a plurality of 
access identifiers; 
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and wherein the decryptor authorization logic definition function is further 
adapted to store each authorisation logic in association with one of the plurality of access 
identifiers. 

33. (Currently amended) A decryptor comprising: 

^ means for obtaining an encryption block comprising a data ciphertext requiring a 

decryption key to decrypt, the encryption block further comprising key related information 
associated with a first {public key, private key} pair, the encryption block further comprising a 
key ciphertext consisting of the decryption key encrypted by the first pub lie key of the first 
{public key, private key} pair, the encryption block not including an A CD (access controlled 
decryption) block; 

means for generating a key release request containing the key ciphertext, and the 
key related information and outputting the key release request to the key release agent; 

means for making making decryptor information available to the kev release 
agent the decrvptor information for use by the key release agent to obtain decryptor auth orisation 
logic stored externally to the kev release request that is to be a pplied in determining whether or 
not to release the decryption key: 

means for receiving a key release response specifying the decryption key, 

34. (Cancelled) 

35. (Currently amended) A decryptor according to claim 33 further comprising means for using 
the decryption key to decrypt the data ciphertext, 

36. (Original) A decryptor according to clam 33 adapted to make the decryptor information 
available to the key release agent by including the decryptor information in the key release 
request. 

37. (Original) A decryptor according to claim 33 further comprising means for decrypting at 
least a portion of the key release response containing an encrypted version of the decryption key 
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using a private key of a second {public key, private key} pair to recover the decryption key, 

38. (Currently amended) A key release agent comprising: 

means for receiving from a decryptor a key ciphertext and key related inforaafon 
in respect of a key used to encrypt the key ciphertext; 

means for locating decryptor authorization logic stored externally to thedeayptor 
with use of the key related information: 

means for obtaining decryptor information in respect of the decryptor; and 

means for deciding based on decryptor information of the decryptor and thefcey 
rented informntion decrvotor authorization logic whether decryption of the key ciphertext is to be 
permitted. 

39. (Original) A key release agent according to claim 38 adapted to receive the decryptor 
information together with the key ciphertext and key related information. 

40. (Currently amended) A key release agent according to claim 38 adapted to use 4bea decryptor 
identifier to lookup decryptor attributes from a repository, the decryptor identifier and decryptor 
attributes together constituting the decryptor information. 

41 . (Currently amended) A key release agent according to claim 38 further comprising: 

decrypting means for decrypting the key ciphertext^; 

encryption means for re-encrypting the key using a public key of a {public key, 
private key} pair to produce a rc-encrypted key, the private key of which is available to the 
decryptor, 

means for sending the re-encrypted key to the decryptor. 

42. (Currently amended) A key release agent according to claim 38 further comprising: 

means for applying decryptor authorization logic associated with each public key 
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used to encrypt the decryption key to the decryptor information for determining whether die 
decryptor should be permitted access to the decryption key. 
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